Wireless Access

Reply
Contributor II
Posts: 36
Registered: ‎08-28-2014

Or devices can no longer Autenticate

Hi All

 

Not sure what happened but all of a sudden none of our devices are able to authenticate with our radius controlled SSID.

The NPS srver is running fine the Aruba 7210 is running fine I ahve not gotten any errors reports.

We Have 4 SSID.

 

one is Captured portal Guest. That works fine.

second is PSK Guest for internal user mobil devices. That works fine

Third is a very long and complicated PSK for our internal network which is used for our hand scanners. That works fine.

The forth and last is a Radius Authenticted Domain joined network nothing can authenticate for this now.

We use 802.1x machine and user authentications for the third network using AD groups for the authenticated users and Domain Computers group for the devices.

This way only domain joined devices and authenticted users on our domain cn connect to the network.

 

This was working fine but then I recently realised when i went to do a restart of the NPS server that there were no devices connected to this network. At first since a lot of the users that normally wirlessly connect to this network were away I figured there as nobody using it.

After the restart I noticed that  still no devices coudl connect to this network.

 

Any ideas on what could cause this?

 

Thanks

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Or devices can no longer Autenticate

You should check the event logs on the NPS server.

Also, on the controller, run “show log security 50”. Please post that output.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Or devices can no longer Autenticate

Hey thanks for the response.

 

The only error I coudl find on the nps is this error

"A Radius messsage was received from the invalid Radius client ip address ""

The IP it was pointing to is for one of our servers which does not even have wireless not sure why that error came up.

 

As for the second one for some reason I can't rember the enable password I tried every password we would have used but none are accepted.

I just tried to go through the reset admin password process but get hit with access denied when I enter the forgetme! password.

 

Any ideas on how to reset the enable password?

 

Thanks

 

 

 

Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Or devices can no longer Autenticate

I was going to use the controller wizard again but even tho I haven't changed anything but the enable password it keeps telling me that the 0/0/0 uplink port has changed and requires a reboot.

I can go ahead with this but not sure if it is going to stuff up our configurations.

Everything looks correct just dont want to bring it all down as we had a contractor com in and do our original configuration.

 

Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Or devices can no longer Autenticate

Hi Here are the logs evntually I was able to get the enable password to work again.

 

arubalog1.JPG

 

arubalog2.JPG

 

Let me know if this helps.

 

Thanks

 

Sy

 

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Or devices can no longer Autenticate

Check that the controller is configured as a NAS on the NPS server, as it looks like its receiving requests from a device (the controller) that it doesnt know about.

Guru Elite
Posts: 20,777
Registered: ‎03-29-2007

Re: Or devices can no longer Autenticate

You have to see in the evenviewer in NPS why it is rejecting that user.  If you had the wrong nas-ip, the radius server would just not respond and the controller would say that the server timed out.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Or devices can no longer Autenticate

Hy guys thanks for the replies.

 

Going through all of the logs on the server, the controller and the client trying to connect.

 

These are the below errors that seem to realte to the failed connection.

 

ON the Client.

 

I am getting event 36888 "The following fatal alert was generated: 45. The internal error state is 552.

And

Event 36881 "The certificat received from teh remote server has either expird or is not yet valid. The SSL connection request has failed. The attached data contains the server crtificate.

 

The NPS server is giving me a warning tell me he Certificate for local system wih Thumbprint "" is about to expire or already expired.

 

I looks like the certificate on the nps server has expired although I am not sure.

It should not have expired aleady.

 

Hope that helps.

 

Cheers

 

Sy

 

MVP
Posts: 2,948
Registered: ‎10-25-2011

Re: Or devices can no longer Autenticate

[ Edited ]

If you want to check if the certificate expired

You can see that information though the NPS console here:

You can check the expiration date there.

 

8021x.jpg

 

 

I know its on spanish but its on network policies, and on constrains tab i think its in english.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Or devices can no longer Authenticate

[ Edited ]

Yeap I checked it and the certificate had expired on the 24/08/2014 so I am just waiting for our head office to renew it for me.

Thanks

Sy

Search Airheads
Showing results for 
Search instead for 
Did you mean: